/**
* Construct an IP address representation.
* @param string $address The textual representation of an IP address or CIDR range.
*/
public function __construct($address)
{
// analyze address format
$this->is_valid = IP::isIPAddress($address);
if (!$this->is_valid) {
return;
}
$this->is_ipv4 = IP::isIPv4($address);
$this->is_ipv6 = !$this->is_ipv4 && IP::isIPv6($address);
// analyze address range
$this->is_range = IP::isValidBlock($address);
$this->encoded_range = IP::parseRange($address);
$this->range = array(IP::prettifyIP(IP::formatHex($this->encoded_range[self::START])), IP::prettifyIP(IP::formatHex($this->encoded_range[self::END])));
}
public function execute()
{
global $wgContLang;
$db = $this->getDB();
$params = $this->extractRequestParams();
$this->requireMaxOneParameter($params, 'users', 'ip');
$prop = array_flip($params['prop']);
$fld_id = isset($prop['id']);
$fld_user = isset($prop['user']);
$fld_userid = isset($prop['userid']);
$fld_by = isset($prop['by']);
$fld_byid = isset($prop['byid']);
$fld_timestamp = isset($prop['timestamp']);
$fld_expiry = isset($prop['expiry']);
$fld_reason = isset($prop['reason']);
$fld_range = isset($prop['range']);
$fld_flags = isset($prop['flags']);
$result = $this->getResult();
$this->addTables('ipblocks');
$this->addFields(array('ipb_auto', 'ipb_id', 'ipb_timestamp'));
$this->addFieldsIf(array('ipb_address', 'ipb_user'), $fld_user || $fld_userid);
$this->addFieldsIf('ipb_by_text', $fld_by);
$this->addFieldsIf('ipb_by', $fld_byid);
$this->addFieldsIf('ipb_expiry', $fld_expiry);
$this->addFieldsIf('ipb_reason', $fld_reason);
$this->addFieldsIf(array('ipb_range_start', 'ipb_range_end'), $fld_range);
$this->addFieldsIf(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk'), $fld_flags);
$this->addOption('LIMIT', $params['limit'] + 1);
$this->addTimestampWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']);
// Include in ORDER BY for uniqueness
$this->addWhereRange('ipb_id', $params['dir'], null, null);
if (!is_null($params['continue'])) {
$cont = explode('|', $params['continue']);
$this->dieContinueUsageIf(count($cont) != 2);
$op = $params['dir'] == 'newer' ? '>' : '<';
$continueTimestamp = $db->addQuotes($db->timestamp($cont[0]));
$continueId = (int) $cont[1];
$this->dieContinueUsageIf($continueId != $cont[1]);
$this->addWhere("ipb_timestamp {$op} {$continueTimestamp} OR " . "(ipb_timestamp = {$continueTimestamp} AND " . "ipb_id {$op}= {$continueId})");
}
if (isset($params['ids'])) {
$this->addWhereFld('ipb_id', $params['ids']);
}
if (isset($params['users'])) {
$usernames = array();
foreach ((array) $params['users'] as $u) {
$usernames[] = $this->prepareUsername($u);
}
$this->addWhereFld('ipb_address', $usernames);
$this->addWhereFld('ipb_auto', 0);
}
if (isset($params['ip'])) {
$blockCIDRLimit = $this->getConfig()->get('BlockCIDRLimit');
if (IP::isIPv4($params['ip'])) {
$type = 'IPv4';
$cidrLimit = $blockCIDRLimit['IPv4'];
$prefixLen = 0;
} elseif (IP::isIPv6($params['ip'])) {
$type = 'IPv6';
$cidrLimit = $blockCIDRLimit['IPv6'];
$prefixLen = 3;
// IP::toHex output is prefixed with "v6-"
} else {
$this->dieUsage('IP parameter is not valid', 'param_ip');
}
# Check range validity, if it's a CIDR
list($ip, $range) = IP::parseCIDR($params['ip']);
if ($ip !== false && $range !== false && $range < $cidrLimit) {
$this->dieUsage("{$type} CIDR ranges broader than /{$cidrLimit} are not accepted", 'cidrtoobroad');
}
# Let IP::parseRange handle calculating $upper, instead of duplicating the logic here.
list($lower, $upper) = IP::parseRange($params['ip']);
# Extract the common prefix to any rangeblock affecting this IP/CIDR
$prefix = substr($lower, 0, $prefixLen + floor($cidrLimit / 4));
# Fairly hard to make a malicious SQL statement out of hex characters,
# but it is good practice to add quotes
$lower = $db->addQuotes($lower);
$upper = $db->addQuotes($upper);
$this->addWhere(array('ipb_range_start' . $db->buildLike($prefix, $db->anyString()), 'ipb_range_start <= ' . $lower, 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0));
}
if (!is_null($params['show'])) {
$show = array_flip($params['show']);
/* Check for conflicting parameters. */
if (isset($show['account']) && isset($show['!account']) || isset($show['ip']) && isset($show['!ip']) || isset($show['range']) && isset($show['!range']) || isset($show['temp']) && isset($show['!temp'])) {
$this->dieUsageMsg('show');
}
$this->addWhereIf('ipb_user = 0', isset($show['!account']));
$this->addWhereIf('ipb_user != 0', isset($show['account']));
$this->addWhereIf('ipb_user != 0 OR ipb_range_end > ipb_range_start', isset($show['!ip']));
$this->addWhereIf('ipb_user = 0 AND ipb_range_end = ipb_range_start', isset($show['ip']));
$this->addWhereIf('ipb_expiry = ' . $db->addQuotes($db->getInfinity()), isset($show['!temp']));
$this->addWhereIf('ipb_expiry != ' . $db->addQuotes($db->getInfinity()), isset($show['temp']));
$this->addWhereIf('ipb_range_end = ipb_range_start', isset($show['!range']));
$this->addWhereIf('ipb_range_end > ipb_range_start', isset($show['range']));
}
if (!$this->getUser()->isAllowed('hideuser')) {
$this->addWhereFld('ipb_deleted', 0);
}
// Purge expired entries on one in every 10 queries
if (!mt_rand(0, 10)) {
Block::purgeExpired();
}
$res = $this->select(__METHOD__);
$count = 0;
foreach ($res as $row) {
if (++$count > $params['limit']) {
// We've had enough
$this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}");
break;
}
$block = array(ApiResult::META_TYPE => 'assoc');
if ($fld_id) {
$block['id'] = (int) $row->ipb_id;
}
if ($fld_user && !$row->ipb_auto) {
$block['user'] = $row->ipb_address;
}
if ($fld_userid && !$row->ipb_auto) {
$block['userid'] = (int) $row->ipb_user;
}
if ($fld_by) {
$block['by'] = $row->ipb_by_text;
}
if ($fld_byid) {
$block['byid'] = (int) $row->ipb_by;
}
if ($fld_timestamp) {
$block['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ipb_timestamp);
}
if ($fld_expiry) {
$block['expiry'] = $wgContLang->formatExpiry($row->ipb_expiry, TS_ISO_8601);
}
if ($fld_reason) {
$block['reason'] = $row->ipb_reason;
}
if ($fld_range && !$row->ipb_auto) {
$block['rangestart'] = IP::formatHex($row->ipb_range_start);
$block['rangeend'] = IP::formatHex($row->ipb_range_end);
}
if ($fld_flags) {
// For clarity, these flags use the same names as their action=block counterparts
$block['automatic'] = (bool) $row->ipb_auto;
$block['anononly'] = (bool) $row->ipb_anon_only;
$block['nocreate'] = (bool) $row->ipb_create_account;
$block['autoblock'] = (bool) $row->ipb_enable_autoblock;
$block['noemail'] = (bool) $row->ipb_block_email;
$block['hidden'] = (bool) $row->ipb_deleted;
$block['allowusertalk'] = (bool) $row->ipb_allow_usertalk;
}
$fit = $result->addValue(array('query', $this->getModuleName()), null, $block);
if (!$fit) {
$this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}");
break;
}
}
$result->addIndexedTagName(array('query', $this->getModuleName()), 'block');
}
public function execute()
{
global $wgContLang;
$params = $this->extractRequestParams();
$this->requireMaxOneParameter($params, 'users', 'ip');
$prop = array_flip($params['prop']);
$fld_id = isset($prop['id']);
$fld_user = isset($prop['user']);
$fld_userid = isset($prop['userid']);
$fld_by = isset($prop['by']);
$fld_byid = isset($prop['byid']);
$fld_timestamp = isset($prop['timestamp']);
$fld_expiry = isset($prop['expiry']);
$fld_reason = isset($prop['reason']);
$fld_range = isset($prop['range']);
$fld_flags = isset($prop['flags']);
$result = $this->getResult();
$this->addTables('ipblocks');
$this->addFields('ipb_auto');
$this->addFieldsIf('ipb_id', $fld_id);
$this->addFieldsIf(array('ipb_address', 'ipb_user'), $fld_user || $fld_userid);
$this->addFieldsIf('ipb_by_text', $fld_by);
$this->addFieldsIf('ipb_by', $fld_byid);
$this->addFieldsIf('ipb_timestamp', $fld_timestamp);
$this->addFieldsIf('ipb_expiry', $fld_expiry);
$this->addFieldsIf('ipb_reason', $fld_reason);
$this->addFieldsIf(array('ipb_range_start', 'ipb_range_end'), $fld_range);
$this->addFieldsIf(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk'), $fld_flags);
$this->addOption('LIMIT', $params['limit'] + 1);
$this->addTimestampWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']);
$db = $this->getDB();
if (isset($params['ids'])) {
$this->addWhereFld('ipb_id', $params['ids']);
}
if (isset($params['users'])) {
foreach ((array) $params['users'] as $u) {
$this->prepareUsername($u);
}
$this->addWhereFld('ipb_address', $this->usernames);
$this->addWhereFld('ipb_auto', 0);
}
if (isset($params['ip'])) {
list($ip, $range) = IP::parseCIDR($params['ip']);
if ($ip && $range) {
// We got a CIDR range
if ($range < 16) {
$this->dieUsage('CIDR ranges broader than /16 are not accepted', 'cidrtoobroad');
}
$lower = wfBaseConvert($ip, 10, 16, 8, false);
$upper = wfBaseConvert($ip + pow(2, 32 - $range) - 1, 10, 16, 8, false);
} else {
$lower = $upper = IP::toHex($params['ip']);
}
$prefix = substr($lower, 0, 4);
# Fairly hard to make a malicious SQL statement out of hex characters,
# but it is good practice to add quotes
$lower = $db->addQuotes($lower);
$upper = $db->addQuotes($upper);
$this->addWhere(array('ipb_range_start' . $db->buildLike($prefix, $db->anyString()), 'ipb_range_start <= ' . $lower, 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0));
}
if (!is_null($params['show'])) {
$show = array_flip($params['show']);
/* Check for conflicting parameters. */
if (isset($show['account']) && isset($show['!account']) || isset($show['ip']) && isset($show['!ip']) || isset($show['range']) && isset($show['!range']) || isset($show['temp']) && isset($show['!temp'])) {
$this->dieUsageMsg('show');
}
$this->addWhereIf('ipb_user = 0', isset($show['!account']));
$this->addWhereIf('ipb_user != 0', isset($show['account']));
$this->addWhereIf('ipb_user != 0 OR ipb_range_end > ipb_range_start', isset($show['!ip']));
$this->addWhereIf('ipb_user = 0 AND ipb_range_end = ipb_range_start', isset($show['ip']));
$this->addWhereIf('ipb_expiry = ' . $db->addQuotes($db->getInfinity()), isset($show['!temp']));
$this->addWhereIf('ipb_expiry != ' . $db->addQuotes($db->getInfinity()), isset($show['temp']));
$this->addWhereIf('ipb_range_end = ipb_range_start', isset($show['!range']));
$this->addWhereIf('ipb_range_end > ipb_range_start', isset($show['range']));
}
if (!$this->getUser()->isAllowed('hideuser')) {
$this->addWhereFld('ipb_deleted', 0);
}
// Purge expired entries on one in every 10 queries
if (!mt_rand(0, 10)) {
Block::purgeExpired();
}
$res = $this->select(__METHOD__);
$count = 0;
foreach ($res as $row) {
if (++$count > $params['limit']) {
// We've had enough
$this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, $row->ipb_timestamp));
break;
}
$block = array();
if ($fld_id) {
$block['id'] = $row->ipb_id;
}
if ($fld_user && !$row->ipb_auto) {
$block['user'] = $row->ipb_address;
}
if ($fld_userid && !$row->ipb_auto) {
$block['userid'] = $row->ipb_user;
}
if ($fld_by) {
$block['by'] = $row->ipb_by_text;
}
if ($fld_byid) {
$block['byid'] = $row->ipb_by;
}
if ($fld_timestamp) {
$block['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ipb_timestamp);
}
if ($fld_expiry) {
$block['expiry'] = $wgContLang->formatExpiry($row->ipb_expiry, TS_ISO_8601);
}
if ($fld_reason) {
$block['reason'] = $row->ipb_reason;
}
if ($fld_range && !$row->ipb_auto) {
$block['rangestart'] = IP::formatHex($row->ipb_range_start);
$block['rangeend'] = IP::formatHex($row->ipb_range_end);
}
if ($fld_flags) {
// For clarity, these flags use the same names as their action=block counterparts
if ($row->ipb_auto) {
$block['automatic'] = '';
}
if ($row->ipb_anon_only) {
$block['anononly'] = '';
}
if ($row->ipb_create_account) {
$block['nocreate'] = '';
}
if ($row->ipb_enable_autoblock) {
$block['autoblock'] = '';
}
if ($row->ipb_block_email) {
$block['noemail'] = '';
}
if ($row->ipb_deleted) {
$block['hidden'] = '';
}
if ($row->ipb_allow_usertalk) {
$block['allowusertalk'] = '';
}
}
$fit = $result->addValue(array('query', $this->getModuleName()), null, $block);
if (!$fit) {
$this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, $row->ipb_timestamp));
break;
}
}
$result->setIndexedTagName_internal(array('query', $this->getModuleName()), 'block');
}
/**
* Execute the subpage.
* @param $params array Array of subpage parameters.
*/
function execute( $params ) {
global $wgOut, $wgUser, $wgLang;
if ( !count( $params ) ) {
$wgOut->addWikiMsg( 'securepoll-too-few-params' );
return;
}
$this->voteId = intval( $params[0] );
$db = $this->context->getDB();
$row = $db->selectRow(
array( 'securepoll_votes', 'securepoll_elections', 'securepoll_voters' ),
'*',
array(
'vote_id' => $this->voteId,
'vote_election=el_entity',
'vote_voter=voter_id',
),
__METHOD__
);
if ( !$row ) {
$wgOut->addWikiMsg( 'securepoll-invalid-vote', $this->voteId );
return;
}
$this->election = $this->context->newElectionFromRow( $row );
$this->initLanguage( $wgUser, $this->election );
$this->parent->setSubtitle( array(
$this->parent->getTitle( 'list/' . $this->election->getId() ),
wfMsg( 'securepoll-list-title', $this->election->getMessage( 'title' ) ) ) );
if ( !$this->election->isAdmin( $wgUser ) ) {
$wgOut->addWikiMsg( 'securepoll-need-admin' );
return;
}
# Show vote properties
$wgOut->setPageTitle( wfMsg(
'securepoll-details-title', $this->voteId ) );
$wgOut->addHTML(
'<table class="mw-datatable TablePager">' .
$this->detailEntry( 'securepoll-header-id', $row->vote_id ) .
$this->detailEntry( 'securepoll-header-timestamp', $row->vote_timestamp ) .
$this->detailEntry( 'securepoll-header-voter-name', $row->voter_name ) .
$this->detailEntry( 'securepoll-header-voter-type', $row->voter_type ) .
$this->detailEntry( 'securepoll-header-voter-domain', $row->voter_domain ) .
$this->detailEntry( 'securepoll-header-url', $row->voter_url ) .
$this->detailEntry( 'securepoll-header-ip', IP::formatHex( $row->vote_ip ) ) .
$this->detailEntry( 'securepoll-header-xff', $row->vote_xff ) .
$this->detailEntry( 'securepoll-header-ua', $row->vote_ua ) .
$this->detailEntry( 'securepoll-header-token-match', $row->vote_token_match ) .
'</table>'
);
# Show voter properties
$wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-voter-properties' ) . "</h2>\n" );
$wgOut->addHTML( '<table class="mw-datatable TablePager">' );
$props = SecurePoll_Voter::decodeProperties( $row->voter_properties );
foreach ( $props as $name => $value ) {
if ( is_array( $value ) ) {
$value = implode( ', ', $value );
}
$wgOut->addHTML(
'<td class="securepoll-detail-header">' .
htmlspecialchars( $name ) . "</td>\n" .
'<td>' . htmlspecialchars( $value ) . "</td></tr>\n"
);
}
$wgOut->addHTML( '</table>' );
# Show cookie dups
$cmTable = $db->tableName( 'securepoll_cookie_match' );
$voterId = intval( $row->voter_id );
$sql = "(SELECT cm_voter_2 as voter, cm_timestamp FROM $cmTable WHERE cm_voter_1=$voterId)" .
" UNION " .
"(SELECT cm_voter_1 as voter, cm_timestamp FROM $cmTable WHERE cm_voter_2=$voterId)";
$res = $db->query( $sql, __METHOD__ );
if ( $res->numRows() ) {
$wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-cookie-dup-list' ) . '</h2>' );
$wgOut->addHTML( '<table class="mw-datatable TablePager">' );
foreach ( $res as $row ) {
$voter = $this->context->getVoter( $row->voter );
$wgOut->addHTML(
'<tr>' .
'<td>' . htmlspecialchars( $wgLang->timeanddate( $row->cm_timestamp ) ) . '</td>' .
'<td>' .
Xml::element(
'a',
array( 'href' => $voter->getUrl() ),
$voter->getName() . '@' . $voter->getDomain()
) .
'</td></tr>'
);
}
$wgOut->addHTML( '</table>' );
}
# Show strike log
$wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-strike-log' ) . "</h2>\n" );
$pager = new SecurePoll_StrikePager( $this, $this->voteId );
$wgOut->addHTML(
$pager->getBody() .
$pager->getNavigationBar()
);
}
function formatValue( $name, $value ) {
global $wgLang, $wgScriptPath;
$critical = Xml::element( 'img', array(
'src' => "$wgScriptPath/extensions/SecurePoll/resources/critical-32.png" )
);
$voter = SecurePoll_Voter::newFromId(
$this->listPage->context,
$this->mCurrentRow->vote_voter
);
switch ( $name ) {
case 'vote_timestamp':
return $wgLang->timeanddate( $value );
case 'vote_ip':
return IP::formatHex( $value );
case 'vote_cookie_dup':
$value = !$value;
// fall through
case 'vote_token_match':
if ( $value ) {
return '';
} else {
return $critical;
}
case 'details':
$voteId = intval( $this->mCurrentRow->vote_id );
$title = $this->listPage->parent->getTitle( "details/$voteId" );
return Xml::element( 'a',
array( 'href' => $title->getLocalUrl() ),
wfMsg( 'securepoll-details-link' )
);
break;
case 'strike':
$voteId = intval( $this->mCurrentRow->vote_id );
if ( $this->mCurrentRow->vote_struck ) {
$label = wfMsg( 'securepoll-unstrike-button' );
$action = "'unstrike'";
} else {
$label = wfMsg( 'securepoll-strike-button' );
$action = "'strike'";
}
$id = 'securepoll-popup-' . $voteId;
return Xml::element( 'input',
array(
'type' => 'button',
'id' => $id,
'value' => $label,
'onclick' => "securepoll_strike_popup(event, $action, $voteId)"
) );
case 'vote_voter_name':
$msg = $voter->isRemote()
? 'securepoll-voter-name-remote'
: 'securepoll-voter-name-local';
return wfMsgExt(
$msg,
'parseinline',
array( $value )
);
default:
return htmlspecialchars( $value );
}
}
